Condition key and operator information

Available in Classic and VPC

Describes the items related to Condition settings provided by NAVER Cloud Platform.

Condition key/value

Condition key/value: Property information to be applied to the policy. Permission checks are performed by comparing the "key:value" set in the condition key with the "key:value" of the properties where the policy is performed.

Type	Condition key	Details	Value input	Value information path	Data type
Principal properties	ncp:principalName	User name of the action performer.	User name.	Services > Management & Governance > Sub Account > Sub Accounts > Sub account details.	String
	ncp:principalId	Login ID of the action performer.	Login ID.	Services > Management & Governance > Sub Account > Sub Accounts > Sub account details.	String
	ncp:principaluuid	ID no of the action performer.	ID	Services > Management & Governance > Sub Account > Sub Accounts > Sub account details.	String
	ncp:principalType	Type of the action performer.	Enter the corresponding value from the following: If the performer is a sub account, enter IamUser. If the performer is a role, enter IamRole.		String
	ncp:sourceIdentityId	Each role's target resource if the principalType is IamRole.	AccountRole: Role transitioned user's Sub Account ID. SSO Role: Role transitioned user's SSO user ID. Service Role: Role assigned service's resource information.	AccountRole: Services > Management & Governance > Sub Account > Sub Accounts > Sub account details > ID. SSO Role: Services > Management & Governance > Ncloud Single Sign-On > External IdP Login > Users > User details > ID. Service Role_Data Flow: Services > Management & Governance > Resource Manager > Service role connected Data Flow resource's NRN. Service Role_Datafence: Services > Management & Governance > Resource Manager > Service role connected Datafence resource's NRN. Service Role_External Access: Services > Management & Governance > Sub Account > External Access > Subject Activity details > Performer.	String
	ncp:sourceIdentityType	Each role's user type if the principalType is IamRole.	Enter the corresponding value from the following: If AccountRole, enter IamUser. If SSO Role, enter FederatedUser. If Server Role, enter Server. If Service Role, enter NcloudService.		String
Resource properties	ncp : resourceTag	Used to allow or deny user actions on resources with specific tags when performing actions where resource specification is available.	key:value		String
	ncp : requestTag	A tag that controls whether a tag is required and which types of tags can be assigned when performing tag-assignment actions.	key:value		String

Condition operators

Operator: A string condition used to check the "key:value" set in the condition key during permission checks.

Type	Description	Note
StringEquals	String matches exactly (case-sensitive)	If the multiple values are included or if 1 of the specified values matches, true.
StringNotEquals	String mismatches (case-sensitive)	If multiple values are included, nor if all specified values do not match, true.
StringLike	String matches similarly (case-sensitive)	* True if a string partially matches, including (multiple wildcard). If the multiple values are included or if 1 of the specified values matches, true.
StringNotLike	Matches similarly (case-sensitive)	* True if a string partially matches, including (multiple wildcard). If multiple values are included, nor if all specified values do not match, true.

Type	Description	Note
~IfExists	Check the condition only if the key exists followed by the operator.	If it does not exist, true.

Was this article helpful?